SQL Injection Vulnerability in Online Medicine Guide by Code-Projects
CVE-2025-8442
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 1 August 2025
Badges
What is CVE-2025-8442?
An SQL injection vulnerability has been identified in version 1.0 of the Online Medicine Guide developed by Code-Projects. This vulnerability resides in the file /cussignup.php, where improper handling of the argument 'uname' allows attackers to manipulate database queries. As a result, this flaw enables unauthorized access to sensitive database information. Attackers can exploit this vulnerability remotely, posing a significant risk to systems running the affected product. The exploit has been publicly disclosed, increasing the urgency for affected users to implement necessary security measures.
Affected Version(s)
Online Medicine Guide 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved